CVE-2022-28739

Published: May 9, 2022

Modified: Nov 4, 2025

PUBLISHED

Description

There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x before 3.1.2. It occurs in String-to-Float conversion, including Kernel#Float and String#to_f.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://hackerone.com/reports/1248108

https://security-tracker.debian.org/tracker/CVE-2022-28739

https://www.ruby-lang.org/en/news/2022/04/12/buffer-overrun-in-string-to-float-cve-2022-28739/

https://security.netapp.com/advisory/ntap-20220624-0002/

https://support.apple.com/kb/HT213488

https://support.apple.com/kb/HT213494

https://support.apple.com/kb/HT213493

20221030 APPLE-SA-2022-10-27-5 Additional information for APPLE-SA-2022-10-24-2 macOS Ventura 13

mailing-list

20221030 APPLE-SA-2022-10-24-2 macOS Ventura 13

mailing-list

20221030 APPLE-SA-2022-10-24-4 macOS Big Sur 11.7.1

mailing-list

20221030 APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1

mailing-list

20221030 APPLE-SA-2022-10-27-6 Additional information for APPLE-SA-2022-10-24-3 macOS Monterey 12.6.1

mailing-list

https://lists.debian.org/debian-lts-announce/2023/06/msg00012.html

https://security.gentoo.org/glsa/202401-27

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2022-28739

Description

Affected Products

References